As reliance on computers has increased, so has the concern for computer security. The threat of hackers breaking into computer systems or eavesdropping on communications has prompted many corporations and individuals to implement security strategies. Some of these strategies include encrypting data communication using the Secure Sockets Layer (SSL) protocol and signing digital documents with digital signatures. The aforementioned security mechanisms require encryption keys (i.e., public and private encryption keys) as well as certificates to authenticate the encryption keys.
Depending on the computer system configuration (e.g., the number of users, the number and types of applications, the level of security, etc.), the computer system may store a number of encryption keys and a number of corresponding certificates. The encryption keys and corresponding certificates are typically stored in a central location, commonly referred to as a keystore. In many cases, the keystore is a single file containing all the encryption keys and corresponding certificates for the computer system. Further, the keystore may also be password protected as an extra security precaution.
When an application (or process) requires an encryption key, the application sends a request to the keystore. The entire keystore is subsequently retrieved and queried to obtain the particular encryption key. The first matching encryption key is subsequently returned to the application. Prior to returning the encryption key to the application, the keystore may authenticate the encryption key using the corresponding certificates. Typically, only one application may access the keystore at a time because the keystore is a single file.
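The access pattern described above, sketched as an added example that is not code from the original text: a single-file keystore that is locked exclusively, read in full, and searched for the first matching alias. The JSON layout, the function names and the use of a password-derived HMAC as the "password protection" are assumptions for illustration; certificate validation is left out, and the file locking uses the POSIX `fcntl` module.

```python
import fcntl, hashlib, hmac, json, os

def _mac(password, salt, body):
    # Assumed form of password protection: integrity MAC keyed from the password.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def write_keystore(path, password, entries):
    """Store every {"alias", "key", "cert"} entry in one file."""
    salt = os.urandom(16)
    body = json.dumps(entries)
    with open(path, "w") as f:
        json.dump({"salt": salt.hex(),
                   "mac": _mac(password, salt, body.encode()),
                   "entries": body}, f)

def get_key(path, password, alias):
    """Lock the file, load the whole keystore, return the first match."""
    with open(path) as f:
        try:
            # Single file, so only one accessor at a time.
            fcntl.flock(f, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            raise RuntimeError("keystore busy: held by another accessor")
        store = json.load(f)  # the entire keystore is read for one key
        body = store["entries"]
        expected = _mac(password, bytes.fromhex(store["salt"]), body.encode())
        if not hmac.compare_digest(expected, store["mac"]):
            raise PermissionError("wrong password or modified keystore")
        for entry in json.loads(body):
            if entry["alias"] == alias:
                return entry  # first match wins; later duplicates are never seen
        return None
    # Leaving the with-block closes the file, which releases the lock.

# Constructed sample entries (not real key material); "tls" appears twice.
SAMPLE = [
    {"alias": "tls", "key": "KEY-A", "cert": "CERT-A"},
    {"alias": "signing", "key": "KEY-B", "cert": "CERT-B"},
    {"alias": "tls", "key": "KEY-C", "cert": "CERT-C"},
]

if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "keystore.json")
    write_keystore(path, "changeit", SAMPLE)
    print(get_key(path, "changeit", "tls"))
```

The duplicate `tls` alias shows the first-match behaviour, and a second caller that arrives while the lock is held gets an error instead of a key.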